Flipper Zero: new risks for Android and Windows devices

Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.

In the recent Flipper Xtreme custom firmware update, bluetooth spam feature has been introduced, which may cause security issues. This new feature allows Flipper Zero to send spoofed advertising packets to Android and Windows devices in the surrounding area. Such spam attacks can confuse the target, resulting in continuous and annoying notifications on recipient devices.

How Flipper Zero's bluetooth spam feature was born

The idea to use the bluetooth spam attack on Flipper Zero came from an initial experiment conducted on Apple iOS devices by a security researcher. This has sparked interest in evaluating the effect of such an attack on other platforms. As a result, Flipper Xtreme custom firmware was developed, which includes the bluetooth spam attack as a new feature. This attack aims to overload surrounding devices with notifications and pop-ups, making it difficult to use the affected smartphones.

The Xtreme firmware implementation and attachment options

The Flipper Xtreme development team announced the introduction of "spam attacks" in the next stable firmware release via the Discord channel. In a demonstration video, a denial of service (DoS) attack was shown running on a Samsung Galaxy device. The Flipper

How to protect devices from bluetooth spam

Although Bluetooth spam attacks can be more annoying than dangerous, it is important to take precautions to protect your Android and Windows devices from such inconveniences. On Android, you can turn off Bluetooth notifications via Nearby Sharing settings. On Windows, you can manage Bluetooth notifications through your device settings. It's important to be aware of the potential for phishing and know the steps needed to stop notifications, in case ongoing pranks or inconveniences occur.